Abstract
Many algorithms are proven to work under the assumption that they have access to a source of random, uniformly distributed bits. However, in practice, sources of randomness are often imperfect, giving n random bits that have only k < n min-entropy. The value n−k is called the entropy gap of the source. Randomness condensers are hash functions that hash any such source to a shorter source with reduced entropy gap g. The goal is to lose as little entropy as possible in this process. Condensers also have an error parameter ε and use a small seed of uniformly distributed bits whose length we desire to minimize as well.
In this work, we study the exact dependencies between the different parameters of seeded randomness condensers. We obtain a non-explicit upper bound, showing the existence of condensers with entropy loss log(1 + log(1/ε)/g) + O(1) and seed length log((n−k)/(εg)) + O(1). In particular, this implies the existence of condensers with O(log(1/ε)) entropy gap and constant entropy loss. This extends (with slightly improved parameters) the non-explicit upper bound for condensers presented in the work of Dodis et al. (2014), which gives condensers with entropy loss at least log log(1/ε). We also give a non-explicit upper bound for lossless condensers, which have entropy gap g ≥ log(1/ε)/ε + O(1) and seed length log((n−k)/(ε²g)) + O(1).
Furthermore, we address an open question raised in (Dodis et al. 2014), where Dodis et al. showed an explicit construction of condensers with constant gap and O(log log(1/ε)) loss, using seed length O(n log(1/ε)). In the same article they improve the seed length to O(k log k) and ask whether it can be further improved. In this work, we reduce the seed length of their construction to O(log(n/ε) log(k/ε)) by a simple concatenation.
In the analysis, we use and prove a tight equivalence between condensers and extractors with multiplicative error. We note that a similar, but non-tight, equivalence was already proven by Dodis et al. (Dodis et al. 2014) using a weaker variant of extractors called unpredictability extractors. We also remark that this equivalence underlies the work of Ben-Aroya et al. (Ben-Aroya et al. 2016) and later work on explicit two-source extractors, and we believe it is interesting in its own right.
- Avraham Ben-Aroya, Dean Doron, and Amnon Ta-Shma. 2016. Explicit two-source extractors for near-logarithmic min-entropy. In Electron. Colloq. Comput. Complex. (ECCC), Vol. 23. 88.
- Gil Cohen. 2017. Towards optimal two-source extractors and Ramsey graphs. In Proceedings of the 49th ACM SIGACT Symposium on Theory of Computing. ACM, 1157–1170.
- Yevgeniy Dodis, Krzysztof Pietrzak, and Daniel Wichs. 2014. Key derivation without entropy waste. In Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 93–110.
- Venkatesan Guruswami, Christopher Umans, and Salil Vadhan. 2009. Unbalanced expanders and randomness extractors from Parvaresh–Vardy codes. J. ACM 56, 4 (2009), 20.
- Wassily Hoeffding. 1963. Probability inequalities for sums of bounded random variables. J. Amer. Statist. Assoc. 58, 301 (1963), 13–30. http://www.jstor.org/stable/2282952.
- Xin Li. 2017. Improved non-malleable extractors, non-malleable codes, and independent source extractors. In Proceedings of the 49th ACM SIGACT Symposium on Theory of Computing. ACM, 1144–1156.
- Jaikumar Radhakrishnan and Amnon Ta-Shma. 2000. Bounds for dispersers, extractors, and depth-two superconcentrators. SIAM J. Disc. Math. 13, 1 (2000), 2–24.
- Ran Raz, Omer Reingold, and Salil Vadhan. 2002. Extracting all the randomness and reducing the error in Trevisan’s extractors. J. Comput. System Sci. 65, 1 (2002), 97–128.
- Amnon Ta-Shma and Christopher Umans. 2006. Better lossless condensers through derandomized curve samplers. In Proceedings of the 47th IEEE Symposium on Foundations of Computer Science (FOCS’06). IEEE, 177–186.
- Amnon Ta-Shma and Christopher Umans. 2012. Better condensers and new extractors from Parvaresh-Vardy codes. In Proceedings of the 27th IEEE Conference on Computational Complexity (CCC’12). IEEE, 309–315.
- Amnon Ta-Shma, Christopher Umans, and David Zuckerman. 2001. Loss-less condensers, unbalanced expanders, and extractors. In Proceedings of the 33rd ACM Symposium on Theory of Computing. ACM, 143–152.
- Salil P. Vadhan. 2012. Pseudorandomness. Foundations and Trends® in Theoretical Computer Science 7, 1–3 (2012), 1–336.
On the Entropy Loss and Gap of Condensers